Hardware-protective data processing systems and methods using an application executing in a secure domain

1 . A data processing system supporting a secure domain and a non-secure domain, the system comprising: a processor device having operating modes in the secure domain and non-secure domain, the processor device to execute a secure application in the secure domain, and a hardware component with a property, said property having a secure state, wherein said property in the secure state can only be reconfigured responsive to instructions received from the secure domain, wherein said secure application is operative to implement a configuration service to configure the property of the hardware component in the secure state, responsive to a request received from the non-secure domain according to an application programming interface associated with the secure application. 2 . A system according to claim 1 that supports a secure domain and a non-secure domain instantiated using domain-aware bus fabric and security extensions. 3 . A system according to claim 1 , wherein said secure application is a trusted application and either: the only applications the processor device executes in the secure domain are trusted applications, or the processor device implements a restricted operating system environment, and any untrusted applications the processor executes in the secure domain are sandboxed in the restricted operating system environment. 4 . A system according to claim 1 , wherein the hardware component comprises plural sub-components, the plural sub-components include a first sub-component and a second sub-component, wherein the first sub-component has said property that can only be reconfigured responsive to instructions received from the secure domain and the second sub-component does not have a property that can only be reconfigured responsive to instructions received from the secure domain. 5 . A system according to claim 1 , wherein the hardware component has a set of configuration options and the application programming interface exposes only a sub-set of the configuration options of the hardware component to applications in the non-secure domain. 6 . A system according to claim 1 , wherein the secure application implemented by the processor device is operative to set said property of the hardware component to the secure state at selected times. 7 . A system according to claim 6 , wherein the secure application is operative to set said property of the hardware component to the secure state responsive to a determination that a threat condition exists. 8 . A system according to claim 1 , wherein the processor device implements an operating system in the non-secure domain, and said operating system issues a query that discovers the configuration service offered by said secure application and detects the associated application programming interface. 9 . A method of securing a hardware component of a data processing system, the data processing system supporting a secure domain and a non-secure domain and comprising a processor device having operating modes in the secure domain and non-secure domain, the hardware component having a property, said property having a secure state, wherein said property in the secure state can only be reconfigured from the secure domain, the method comprising: causing the processor device of the data processing system to execute a secure application in the secure domain, wherein said secure application is operative to implement a configuration service to configure the property of the hardware component in the secure state, responsive to a request received from the non-secure domain according to an application programming interface associated with the secure application. 10 . The method of securing a hardware component according to claim 9 , wherein said secure application is a trusted application and either: the only applications the processor device executes in the secure domain are trusted applications, or the processor device implements a restricted operating system environment and sandboxes untrusted applications in the restricted operating system environment. 11 . The method of securing a hardware component according to claim 9 , and comprising: causing the processor device to implement an operating system in the non-secure domain, and said operating system issuing a query that discovers the configuration service offered by said secure application and detects the associated application programming interface. 12 . A data center comprising plural processing nodes, wherein the plural processing nodes include a processing node supporting a secure domain and a non-secure domain and system comprising: a processor device having operating modes in the secure domain and non-secure domain, the processor device to execute a secure application in the secure domain, and a hardware component with a property, said property having a secure state, wherein said property in the secure state can only be reconfigured responsive to instructions received from the secure domain, wherein said secure application is operative to implement a configuration service to configure the property of the hardware component in the secure state, responsive to a request received from the non-secure domain according to an application programming associated with the secure application.